<!DOCTYPE html>


<html lang="zh-CN">
  

    <head>
      <meta charset="utf-8" />
        
      <meta name="description" content="欢迎与我交流自动化测试、测试开发、持续集成、DevOps方面知识经验，可在评论区留言。" />
      
      <meta
        name="viewport"
        content="width=device-width, initial-scale=1, maximum-scale=1"
      />
      <title>CentOS7调优实践 |  恰得福来的博客</title>
  <meta name="generator" content="hexo-theme-ayer">
      
      <link rel="shortcut icon" href="/favicon.ico" />
       
<link rel="stylesheet" href="/dist/main.css">

      <link
        rel="stylesheet"
        href="https://cdn.jsdelivr.net/gh/Shen-Yu/cdn/css/remixicon.min.css"
      />
      
<link rel="stylesheet" href="/css/custom.css">
 
      <script src="https://cdn.jsdelivr.net/npm/pace-js@1.0.2/pace.min.js"></script>
       
 

      <link
        rel="stylesheet"
        href="https://cdn.jsdelivr.net/npm/@sweetalert2/theme-bulma@5.0.1/bulma.min.css"
      />
      <script src="https://cdn.jsdelivr.net/npm/sweetalert2@11.0.19/dist/sweetalert2.min.js"></script>

      <!-- mermaid -->
      
      <style>
        .swal2-styled.swal2-confirm {
          font-size: 1.6rem;
        }
      </style>
    <link rel="alternate" href="/atom.xml" title="恰得福来的博客" type="application/atom+xml">
</head>
  </html>
</html>


<body>
  <div id="app">
    
      
    <main class="content on">
      <section class="outer">
  <article
  id="post-CentOS7调优实践"
  class="article article-type-post"
  itemscope
  itemprop="blogPost"
  data-scroll-reveal
>
  <div class="article-inner">
    
    <header class="article-header">
       
<h1 class="article-title sea-center" style="border-left:0" itemprop="name">
  CentOS7调优实践
</h1>
 

      
    </header>
     
    <div class="article-meta">
      <a href="/2021/10/05/CentOS7%E8%B0%83%E4%BC%98%E5%AE%9E%E8%B7%B5/" class="article-date">
  <time datetime="2021-10-05T15:58:00.000Z" itemprop="datePublished">2021-10-05</time>
</a> 
  <div class="article-category">
    <a class="article-category-link" href="/categories/centos/">centos</a>
  </div>
  
<div class="word_count">
    <span class="post-time">
        <span class="post-meta-item-icon">
            <i class="ri-quill-pen-line"></i>
            <span class="post-meta-item-text"> 字数统计:</span>
            <span class="post-count">3.5k</span>
        </span>
    </span>

    <span class="post-time">
        &nbsp; | &nbsp;
        <span class="post-meta-item-icon">
            <i class="ri-book-open-line"></i>
            <span class="post-meta-item-text"> 阅读时长≈</span>
            <span class="post-count">14 分钟</span>
        </span>
    </span>
</div>
 
    </div>
      
    <div class="tocbot"></div>




  
    <div class="article-entry" itemprop="articleBody">
       
  <h2 id="概述"><a href="#概述" class="headerlink" title="概述"></a>概述</h2><p>如何使一台服务器充分发挥它的性能，其实是有很多讲究的。除了提升它的硬件配置，包括CPU、内存、硬盘、网络带宽等，也还需要合理设置它的操作系统参数，只有软硬件都设置得当，才能发挥最大能力。</p>
<p>这里不对如何进行硬件配置的优化展开讲，我们讲的主要还是操作系统层次的设置优化。参考官方性能调优指南：<a target="_blank" rel="noopener" href="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/performance_tuning_guide/index">https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/performance_tuning_guide/index</a>。</p>
<h2 id="具体调优点"><a href="#具体调优点" class="headerlink" title="具体调优点"></a>具体调优点</h2><p>常见需要调优的有如下几类，具体在后面会详细介绍如何调整：</p>
<ul>
<li>调整文件数限制<ul>
<li>fs.file_max：允许打开的最大文件数，在linux中一切皆文件，所以要最大化利用计算机资源需要调大这个数值</li>
<li>其他：在/etc/security/limits.conf中调整linux系统用户可打开的文件数</li>
</ul>
</li>
<li>调整网络参数：<ul>
<li>调整端口范围，修改net.ipv4.ip_local_port_range，设置为一个较大范围</li>
<li>修改net.core.somaxconn：这个参数是优化最大允许同时连接数</li>
<li>net.ipv4.tcp_max_syn_backlog</li>
<li>net.core.netdev_max_backlog</li>
</ul>
</li>
<li>其他优化</li>
</ul>
<h3 id="查看系统内核参数的方法"><a href="#查看系统内核参数的方法" class="headerlink" title="查看系统内核参数的方法"></a>查看系统内核参数的方法</h3><p>一种方法是在/etc/sysctl.conf看，但是有些参数没有被显示配置，但是在系统中是有默认值的，那么就可以使用<code>sysctl</code>命令查看该参数的数值。</p>
<p>常用的命令：</p>
<ul>
<li>sysctl -a：查看所有内核参数</li>
<li>sysctl -N ${name}：查看某个参数是否存在，比如sysctl -N net.core.somaxconn</li>
<li>sysctl -n ${name}：查看某个参数的具体值，比如sysctl -n net.core.somaxconn</li>
<li>sysctl -w ${name}=${value}：临时设置某个参数的具体值，比如sysctl -w net.core.somaxconn=65535 注意值是有类型的，比如无符号短整型</li>
<li>sysctl -p：重新加载这个配置文件</li>
</ul>
<h3 id="调整文件数限制"><a href="#调整文件数限制" class="headerlink" title="调整文件数限制"></a>调整文件数限制</h3><p>编辑/etc/security/limits.conf，修改文件数限制：</p>
<ul>
<li>查看最大可打开文件书：cat /proc/sys/fs/file-max</li>
<li>修改/etc/security/limits.conf限制，最后添加<code>root    -       nofile  1000000</code></li>
<li>执行ulimit -n 1000000动态修改文件数限制，和上面第二部结合起来，就不需要重启电脑</li>
</ul>
<p>对于上述第二点，可能需要设置其他用户或所有用户的打开文件数限制，可以通过添加<code>*    -       nofile  1000000</code>为所有用户打开限制。</p>
<h3 id="修改网络参数"><a href="#修改网络参数" class="headerlink" title="修改网络参数"></a>修改网络参数</h3><h4 id="调整端口范围"><a href="#调整端口范围" class="headerlink" title="调整端口范围"></a>调整端口范围</h4><p>默认的端口打开范围是3万多到6万多，调整为从10000到65535：<code>net.ipv4.ip_local_port_range = 10000 65535</code></p>
<p>后面如果没有提到修改哪个文件，默认就是修改/etc/sysctl.conf。</p>
<h4 id="修改允许连接的最大数"><a href="#修改允许连接的最大数" class="headerlink" title="修改允许连接的最大数"></a>修改允许连接的最大数</h4><p>首先查看网络允许连接的最大数：<code>sysctl -n net.core.somaxconn</code>，发现只有128，因此需要调整，调整为10万应该够了：<code>sysctl -w net.core.somaxconn=100000</code>。</p>
<p>设置的时候遇到<code>sysctl: setting key &quot;net.core.somaxconn&quot;: 无效的参数</code>错误。经过搜索了解，somaxconn值类型是USHRT（无符号短整型），最大值不应超过65535(USHRT_MAX)。</p>
<p>经过测试，确实如此，因为当我把该参数值设为65536的时候失败了，而65535可以成功。测试通过。</p>
<p>设置成功后的输出：</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">[root@hadoop2 ~]<span class="comment"># sysctl -w net.core.somaxconn=65535</span></span><br><span class="line">net.core.somaxconn = 65535</span><br></pre></td></tr></table></figure>

<p>记得在/etc/sysctl.conf中配置，否则重启后上述临时设置会失效。在该文件增加<code>net.core.somaxconn = 65535</code>。</p>
<p>据说也有办法可以调整，如果真的需要调整，可能需要打补丁，这点没有测试过，不做保证。参考：<a target="_blank" rel="noopener" href="https://lists.ubuntu.com/archives/kernel-team/2013-October/033041.html">https://lists.ubuntu.com/archives/kernel-team/2013-October/033041.html</a></p>
<h4 id="修改发送和接收队列数"><a href="#修改发送和接收队列数" class="headerlink" title="修改发送和接收队列数"></a>修改发送和接收队列数</h4><p>在<code>/etc/sysctl.conf</code>设置：</p>
<figure class="highlight properties"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">net.ipv4.tcp_max_syn_backlog</span> = <span class="string">262144</span></span><br><span class="line"><span class="meta">net.core.netdev_max_backlog</span> = <span class="string">262144</span></span><br></pre></td></tr></table></figure>

<p><code>tcp_max_syn_backlog</code>指Tcp syn队列的最大长度，与tcp连接建立时的三次握手相关。</p>
<p>参数<code>net.core.netdev_max_backlog</code>表示当每个网络接口接受数据包的速率比内核处理这些包的速率快时，允许接收队列（原文是INPUT side）的数据包的最大数目，我们调整为262144。</p>
<p>设置完成后执行<code>sysctl -p</code>加载配置。</p>
<p>相关解释：</p>
<ul>
<li>中文材料：<a target="_blank" rel="noopener" href="http://www.lmyw.net.cn/?p=1390">http://www.lmyw.net.cn/?p=1390</a></li>
<li>看起来是官方内核参数手册：<a target="_blank" rel="noopener" href="https://www.kernel.org/doc/html/latest/admin-guide/sysctl/net.html?highlight=netdev_max_backlog">https://www.kernel.org/doc/html/latest/admin-guide/sysctl/net.html?highlight=netdev_max_backlog</a></li>
</ul>
<h3 id="使用tuned工具调优服务器"><a href="#使用tuned工具调优服务器" class="headerlink" title="使用tuned工具调优服务器"></a>使用tuned工具调优服务器</h3><p>tuned是什么？是一款用于优化Linux系统性能的工具，可以配置cockpit使用。该工具相当于对服务器的运行模式做了调整，并不能替代上述我们所做的操作。</p>
<p>tuned并不是系统自带，需要另行安装。</p>
<p>执行命令<code>tuned-adm active</code>可以查看活跃的性能配置。另外，tuned可以设置多个profile，但是目前发现如果使用<code>tuned-admin profile a b c</code>这个命令设置throughput-performance和其他profile混用，则命令会报错。</p>
<p>对于需要充当服务器角色的机器，应该设置为<code>throughput-performance</code>配置类型，如果是使用vmware创建的虚拟机，默认应该是<code>virtual-guest</code>。</p>
<p>那么问题来了，调了以后有用吗？</p>
<p>在测试中，使用了<code>throughput-performance</code>这个配置。经过测试，配合相关参数的优化，最终服务器的的CPU使用率几乎达到满负荷。这证明我们的设置是有效的。</p>
<p>参考：</p>
<ul>
<li>安装及使用：<a target="_blank" rel="noopener" href="https://computingforgeeks.com/optimize-linux-system-performance-with-tuned-adm/">https://computingforgeeks.com/optimize-linux-system-performance-with-tuned-adm/</a>。</li>
<li>创建个性化的tuned profile：<a target="_blank" rel="noopener" href="https://www.tecmint.com/tuned-automatic-performance-tuning-of-centos-rhel-servers/">https://www.tecmint.com/tuned-automatic-performance-tuning-of-centos-rhel-servers/</a></li>
<li>在centos 7上创建自己的tuned profile：<a target="_blank" rel="noopener" href="https://www.golinuxcloud.com/how-to-create-custom-tuned-profile-in-linux-rhel-centos-7/">https://www.golinuxcloud.com/how-to-create-custom-tuned-profile-in-linux-rhel-centos-7/</a></li>
</ul>
<h2 id="验证"><a href="#验证" class="headerlink" title="验证"></a>验证</h2><p>上面已经说了如何优化，但是生产环境是不能随意改的，所以我们在alpha做下优化，看是否确实正确且有效。</p>
<h3 id="首先验证在缺省的sysctl-conf配置下系统性能"><a href="#首先验证在缺省的sysctl-conf配置下系统性能" class="headerlink" title="首先验证在缺省的sysctl.conf配置下系统性能"></a>首先验证在缺省的<code>sysctl.conf</code>配置下系统性能</h3><p>使用nginx下的index.html来验证，性能工具使用wrk。</p>
<p>测试结果：</p>
<ol>
<li>一开始吞吐量还比较大，系统TPS比较大，随着请求越来越多，连接错误越来越多，tps由一开始的接近1w下降到几百，性能急剧下降，错误主要是连接被拒绝</li>
<li>上述连接错误是因为系统参数设置太小，主要是<code>net.core.somaxconn</code>太小，这个参数太小导致系统同时建立的连接数被限制在128以内。下面是运行过程中统计的连接情况：</li>
</ol>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">[root@localhost lizhiqiang]<span class="comment"># netstat -n | awk &#x27;/^tcp/ &#123;++S[$NF]&#125; END &#123;for(a in S) print a, S[a]&#125;&#x27;</span></span><br><span class="line">TIME_WAIT 13</span><br><span class="line">ESTABLISHED 128</span><br></pre></td></tr></table></figure>

<h3 id="验证使用新的sysctl-conf配置后系统性能"><a href="#验证使用新的sysctl-conf配置后系统性能" class="headerlink" title="验证使用新的sysctl.conf配置后系统性能"></a>验证使用新的sysctl.conf配置后系统性能</h3><p>使用下述附录所示的<code>sysctl.conf</code>配置以及上述内容提到的其他配置后，运行在一台8C16G的linux虚拟机上的NGINX web服务的性能可达到10w qps，CPU利用率几乎100%，这说明了优化措施的有效性。</p>
<h2 id="附录"><a href="#附录" class="headerlink" title="附录"></a>附录</h2><h3 id="sysctl-conf完整配置示例"><a href="#sysctl-conf完整配置示例" class="headerlink" title="sysctl.conf完整配置示例"></a>sysctl.conf完整配置示例</h3><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br><span class="line">76</span><br><span class="line">77</span><br><span class="line">78</span><br><span class="line">79</span><br><span class="line">80</span><br><span class="line">81</span><br><span class="line">82</span><br><span class="line">83</span><br><span class="line">84</span><br><span class="line">85</span><br><span class="line">86</span><br><span class="line">87</span><br><span class="line">88</span><br><span class="line">89</span><br><span class="line">90</span><br><span class="line">91</span><br><span class="line">92</span><br><span class="line">93</span><br><span class="line">94</span><br><span class="line">95</span><br><span class="line">96</span><br><span class="line">97</span><br><span class="line">98</span><br><span class="line">99</span><br><span class="line">100</span><br><span class="line">101</span><br><span class="line">102</span><br><span class="line">103</span><br><span class="line">104</span><br><span class="line">105</span><br><span class="line">106</span><br><span class="line">107</span><br><span class="line">108</span><br><span class="line">109</span><br><span class="line">110</span><br><span class="line">111</span><br><span class="line">112</span><br><span class="line">113</span><br><span class="line">114</span><br><span class="line">115</span><br><span class="line">116</span><br><span class="line">117</span><br><span class="line">118</span><br><span class="line">119</span><br><span class="line">120</span><br><span class="line">121</span><br><span class="line">122</span><br><span class="line">123</span><br><span class="line">124</span><br><span class="line">125</span><br></pre></td><td class="code"><pre><span class="line"># Max listen queue backlog</span><br><span class="line"># make sure to increase nginx backlog as well if changed</span><br><span class="line">net.core.somaxconn = 65535</span><br><span class="line"></span><br><span class="line"># 是指定所能接受SYN同步包的最大客户端数量。</span><br><span class="line"># Increase max half-open connections.</span><br><span class="line">net.ipv4.tcp_max_syn_backlog = 262144</span><br><span class="line"></span><br><span class="line"># 每个网络接口接收数据包的速率比内核处理这些包的速率快时，允许送到队列的数据包的最大数目。</span><br><span class="line"># Max number of packets that can be queued on interface input</span><br><span class="line"># If kernel is receiving packets faster than can be processed</span><br><span class="line"># this queue increases</span><br><span class="line">net.core.netdev_max_backlog = 262144</span><br><span class="line"></span><br><span class="line"># 允许系统打开的端口范围，扩大端口数</span><br><span class="line"># 可配成1024 65535进一步扩大可用范围</span><br><span class="line">net.ipv4.ip_local_port_range = 1024 65535</span><br><span class="line"></span><br><span class="line"># 在TIME_WAIT数量等于该值时，不会有新的产生，</span><br><span class="line"># 这个参数表示操作系统允许TIME_WAIT套接字数量的最大值，如果超过这个数字，TIME_WAIT套接字将立刻被清除并打印警告信息。该参数默认为65536(在centos7)，过多的TIME_WAIT套接字会使Web服务器变慢。注：主动关闭连接的服务端会产生TIME_WAIT状态的连接</span><br><span class="line"># max number of sockets allowed in TIME_WAIT</span><br><span class="line">net.ipv4.tcp_max_tw_buckets = 6000</span><br><span class="line"></span><br><span class="line"># 是否启用timewait 快速回收。如果服务器身处NAT环境，tcp_timestamps为1，安全起见，要禁止</span><br><span class="line">net.ipv4.tcp_tw_recycle = 1</span><br><span class="line"></span><br><span class="line"># # 开启重用。允许将TIME-WAIT sockets 重新用于新的TCP 连接。</span><br><span class="line">net.ipv4.tcp_tw_reuse = 1</span><br><span class="line"></span><br><span class="line">#这个参数表示内核套接字接受缓存区默认的大小。</span><br><span class="line">net.core.rmem_default = 6291456</span><br><span class="line"></span><br><span class="line">##这个参数表示内核套接字发送缓存区默认的大小。</span><br><span class="line">net.core.wmem_default = 6291456</span><br><span class="line"></span><br><span class="line">##这个参数表示内核套接字接受缓存区的最大大小。12MB</span><br><span class="line">net.core.rmem_max = 12582912</span><br><span class="line"></span><br><span class="line">##这个参数表示内核套接字发送缓存区的最大大小。12MB</span><br><span class="line">net.core.wmem_max = 12582912</span><br><span class="line"></span><br><span class="line"># 打开文件句柄数量</span><br><span class="line">fs.file-max = 1000000</span><br><span class="line"></span><br><span class="line"># 默认是1，对于负载均衡服务器来说必须设为1，此处设为0没有关系，可设可不设</span><br><span class="line">net.ipv4.ip_forward = 0</span><br><span class="line"></span><br><span class="line"># sysrq允许系统在任何时候响应用户按键操作，除非被锁定</span><br><span class="line"># 默认是16，表示启动sysrq命令，0表示完全禁用 sysrq</span><br><span class="line"># It is a ‘magical’ key combo you can hit which the kernel will respond to regardless of whatever else it is doing, unless it is completely locked up.</span><br><span class="line"># https://www.kernel.org/doc/html/latest/admin-guide/sysctl/kernel.html?highlight=kernel%20sysrq#sysrq</span><br><span class="line"># 是否设置无所谓</span><br><span class="line">kernel.sysrq = 0</span><br><span class="line"></span><br><span class="line">#IPC通信相关参数，建议可以增加</span><br><span class="line">#MSGMNB - Default maximum size in bytes of a message queue: 16384 bytes (on Linux, this limit can be read and modified via /proc/sys/kernel/msgmnb). The superuser can increase the size of a message queue beyond MSGMNB by a msgctl() system call.</span><br><span class="line">kernel.msgmnb = 65536</span><br><span class="line">#Maximum size for a message text: 8192 bytes (on Linux, this limit can be read and modified via /proc/sys/kernel/msgmax).</span><br><span class="line">kernel.msgmax = 65536</span><br><span class="line"></span><br><span class="line">#共享内存相关参数</span><br><span class="line">#Maximum size in bytes for a shared memory segment。实际是16GB物理内存，设成64GB，可以根据实际测试情况调整，但最小应该在4GB以上（在32位linux系统上最小是4GB）</span><br><span class="line">kernel.shmmax = 68719476736</span><br><span class="line"># shmall最少得是ceil(shmmax/PAGE_SIZE)，执行getconf PAGE_SIZE可得到PAGE_SIZE大小。centos7中是4096</span><br><span class="line">kernel.shmall = 4294967296</span><br><span class="line"></span><br><span class="line"># The first value tells the kernel the minimum receive/send buffer for each TCP connection,</span><br><span class="line"># and this buffer is always allocated to a TCP socket,</span><br><span class="line"># even under high pressure on the system. …</span><br><span class="line"># The second value specified tells the kernel the default receive/send buffer</span><br><span class="line"># allocated for each TCP socket. This value overrides the /proc/sys/net/core/rmem_default</span><br><span class="line"># value used by other protocols. … The third and last value specified</span><br><span class="line"># in this variable specifies the maximum receive/send buffer that can be allocated for a TCP socket.</span><br><span class="line"># Note: The kernel will auto tune these values between the min-max range</span><br><span class="line"># If for some reason you wanted to change this behavior, disable net.ipv4.tcp_moderate_rcvbuf</span><br><span class="line">#这个参数定义了TCP接受缓存（用于TCP接受滑动窗口）的最小值、默认值、最大值。</span><br><span class="line">#默认情况下这几个值是4096	16384	4194304</span><br><span class="line">net.ipv4.tcp_rmem = 10240 87380 12582912</span><br><span class="line">#这个参数定义了TCP发送缓存（用于TCP发送滑动窗口）的最小值、默认值、最大值。</span><br><span class="line">net.ipv4.tcp_wmem = 10240 87380 12582912</span><br><span class="line"></span><br><span class="line">#这个参数表示内核套接字发送缓存区默认的大小。默认是212992</span><br><span class="line">net.core.wmem_default = 8388608</span><br><span class="line">#这个参数表示内核套接字接受缓存区默认的大小。</span><br><span class="line">net.core.rmem_default = 8388608</span><br><span class="line">#这个参数表示内核套接字接受缓存区的最大大小。默认是212992</span><br><span class="line">net.core.rmem_max = 16777216</span><br><span class="line">#这个参数表示内核套接字发送缓存区的最大大小。</span><br><span class="line">net.core.wmem_max = 16777216</span><br><span class="line"></span><br><span class="line"># 系统中最多有多少个TCP 套接字不被关联到任何一个用户文件句柄上。如果超过这个数字，孤儿连接将即刻被复位并打印出警告信息。默认是65536</span><br><span class="line"># Increase max TCP orphans</span><br><span class="line"># These are sockets which have been closed and no longer have a file handle attached to them</span><br><span class="line">net.ipv4.tcp_max_orphans = 262144</span><br><span class="line"></span><br><span class="line"># 开启时就是同一个源IP来连接同一个目的端口的数据包时间戳必须是递增的，否则就丢弃。默认是打开的</span><br><span class="line">net.ipv4.tcp_timestamps = 0</span><br><span class="line"></span><br><span class="line"># Only retry creating TCP connections twice</span><br><span class="line"># Minimize the time it takes for a connection attempt to fail</span><br><span class="line"># 为了打开对端的连接，内核需要发送一个SYN，以确认收到上一个 SYN连接请求包。也就是所谓三次握手中的第二次握手。</span><br><span class="line"># 这个设置决定了内核放弃连接之前发送SYN+ACK 包的数量。有文章建议设为2个</span><br><span class="line">net.ipv4.tcp_synack_retries = 1</span><br><span class="line"># 对于一个新建连接，内核要发送多少个 SYN 连接请求才决定放弃。有文章建议设为2个</span><br><span class="line">net.ipv4.tcp_syn_retries = 1</span><br><span class="line"></span><br><span class="line"># Units are in page size (default page size is 4 kb)</span><br><span class="line"># These are global variables affecting total pages for TCP</span><br><span class="line"># sockets</span><br><span class="line"># 8388608 * 4 = 32 GB</span><br><span class="line">#  low pressure high</span><br><span class="line">#  When mem allocated by TCP exceeds “pressure”, kernel will put pressure on TCP memory</span><br><span class="line">#  We set all these values high to basically prevent any mem pressure from ever occurring</span><br><span class="line">#  on our TCP sockets</span><br><span class="line">#默认是378357	504477	756714（单位页大小，即4KB），对应的大小大约是1.5GB 1.9GB 2.9GB</span><br><span class="line"># 提高配置避免出现内存分配压力（根据实际内存大小可以计算一下）</span><br><span class="line">net.ipv4.tcp_mem = 94500000 915000000 927000000</span><br><span class="line"></span><br><span class="line">## timeout状态时间 </span><br><span class="line">#表示如果套接字由本端要求关闭，这个参数决定了它保持在FIN-WAIT-2状态的时间。默认是60s，可以设置小一些</span><br><span class="line">net.ipv4.tcp_fin_timeout = 15</span><br><span class="line"></span><br><span class="line">#这个参数表示当keepalive启用时，TCP发送keepalive消息的频度。默认是2小时(7200秒)，若将其设置的小一些，可以更快地清理无效的连接。</span><br><span class="line">#How often TCP sends out keepalive messages when keepalive is enabled. Default: 2hours.</span><br><span class="line">net.ipv4.tcp_keepalive_time = 30</span><br></pre></td></tr></table></figure>

<h3 id="探索系统配置工具Cockpit-Web"><a href="#探索系统配置工具Cockpit-Web" class="headerlink" title="探索系统配置工具Cockpit Web"></a>探索系统配置工具Cockpit Web</h3><p>Cockpit Web是一个查看系统配置的web工具。在<a target="_blank" rel="noopener" href="https://computingforgeeks.com/optimize-linux-system-performance-with-tuned-adm/">https://computingforgeeks.com/optimize-linux-system-performance-with-tuned-adm/</a>的推荐下，搜索了工具怎么使用。</p>
<p>我的观点是，如果有可视化界面可以一览式查看系统的配置，可以节省很多精力。因为它可以让我们把精力放在最重要或最值得关注的点上面。另外，如果工具可以让我了解有哪些可以用的最优设置，然后就可以和之前摸索工的、自己修改过的配置对比，了解自己的设置是否是正确的，两相印证。</p>
<p>安装操作见<a target="_blank" rel="noopener" href="https://www.hangge.com/blog/cache/detail_3024.html">https://www.hangge.com/blog/cache/detail_3024.html</a>。cockpit web页面的访问地址是<a target="_blank" rel="noopener" href="https://ip:9090/system">https://ip:9090/system</a>。</p>
<p>总结一下必要的命令：</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">#启用 epel-release</span></span><br><span class="line">yum install epel-release</span><br><span class="line"><span class="comment">#安装 dnf：entOS 8 自带了 dnf可以不装</span></span><br><span class="line">yum install dnf</span><br><span class="line"><span class="comment">#安装cockpit</span></span><br><span class="line">dnf install cockpit cockpit-machines</span><br><span class="line"><span class="comment">#启动cockpit服务或设置自动启动服务</span></span><br><span class="line">systemctl start cockpit.socket</span><br><span class="line">systemctl <span class="built_in">enable</span> cockpit.socket</span><br></pre></td></tr></table></figure>

<h2 id="参考"><a href="#参考" class="headerlink" title="参考"></a>参考</h2><ul>
<li>关于<code>/proc/sys/net/</code>的说明：<a target="_blank" rel="noopener" href="https://www.kernel.org/doc/html/latest/admin-guide/sysctl/net.html?highlight=netdev_max_backlog">https://www.kernel.org/doc/html/latest/admin-guide/sysctl/net.html?highlight=netdev_max_backlog</a></li>
<li>linux ipc and limits: <a target="_blank" rel="noopener" href="https://tech.vys.in/2007/08/ipc-limits-in-linux.html">https://tech.vys.in/2007/08/ipc-limits-in-linux.html</a></li>
</ul>
 
      <!-- reward -->
      
    </div>
    

    <!-- copyright -->
    
    <div class="declare">
      <ul class="post-copyright">
        <li>
          <i class="ri-copyright-line"></i>
          <strong>版权声明： </strong>
          
          本博客所有文章除特别声明外，著作权归作者所有。转载请注明出处！
          
        </li>
      </ul>
    </div>
    
    <footer class="article-footer">
       
<div class="share-btn">
      <span class="share-sns share-outer">
        <i class="ri-share-forward-line"></i>
        分享
      </span>
      <div class="share-wrap">
        <i class="arrow"></i>
        <div class="share-icons">
          
          <a class="weibo share-sns" href="javascript:;" data-type="weibo">
            <i class="ri-weibo-fill"></i>
          </a>
          <a class="weixin share-sns wxFab" href="javascript:;" data-type="weixin">
            <i class="ri-wechat-fill"></i>
          </a>
          <a class="qq share-sns" href="javascript:;" data-type="qq">
            <i class="ri-qq-fill"></i>
          </a>
          <a class="douban share-sns" href="javascript:;" data-type="douban">
            <i class="ri-douban-line"></i>
          </a>
          <!-- <a class="qzone share-sns" href="javascript:;" data-type="qzone">
            <i class="icon icon-qzone"></i>
          </a> -->
          
          <a class="facebook share-sns" href="javascript:;" data-type="facebook">
            <i class="ri-facebook-circle-fill"></i>
          </a>
          <a class="twitter share-sns" href="javascript:;" data-type="twitter">
            <i class="ri-twitter-fill"></i>
          </a>
          <a class="google share-sns" href="javascript:;" data-type="google">
            <i class="ri-google-fill"></i>
          </a>
        </div>
      </div>
</div>

<div class="wx-share-modal">
    <a class="modal-close" href="javascript:;"><i class="ri-close-circle-line"></i></a>
    <p>扫一扫，分享到微信</p>
    <div class="wx-qrcode">
      <img src="//api.qrserver.com/v1/create-qr-code/?size=150x150&data=https://johnny1952.github.io/2021/10/05/CentOS7%E8%B0%83%E4%BC%98%E5%AE%9E%E8%B7%B5/" alt="微信分享二维码">
    </div>
</div>

<div id="share-mask"></div>  
  <ul class="article-tag-list" itemprop="keywords"><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/centos/" rel="tag">centos</a></li><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/linux/" rel="tag">linux</a></li><li class="article-tag-list-item"><a class="article-tag-list-link" href="/tags/performance/" rel="tag">performance</a></li></ul>

    </footer>
  </div>

   
  <nav class="article-nav">
    
      <a href="/2021/10/07/JMeter%E8%B0%83%E4%BC%98/" class="article-nav-link">
        <strong class="article-nav-caption">上一篇</strong>
        <div class="article-nav-title">
          
            JMeter调优
          
        </div>
      </a>
    
    
      <a href="/2021/09/18/%E4%BD%BF%E7%94%A8JMeter%E6%B5%8B%E8%AF%95%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%9F%BA%E5%87%86%E6%80%A7%E8%83%BD/" class="article-nav-link">
        <strong class="article-nav-caption">下一篇</strong>
        <div class="article-nav-title">使用JMeter测试服务器基准性能</div>
      </a>
    
  </nav>

   
<!-- valine评论 -->
<div id="vcomments-box">
  <div id="vcomments"></div>
</div>
<script src="//cdn1.lncld.net/static/js/3.0.4/av-min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/valine@1.4.14/dist/Valine.min.js"></script>
<script>
  new Valine({
    el: "#vcomments",
    app_id: "BDYyK8ADltP2ULGCnAJe5ufP-gzGzoHsz",
    app_key: "yCqG1hemYrFKJahvOBl6uppH",
    path: window.location.pathname,
    avatar: "monsterid",
    placeholder: "你有什么想法或问题？快来评论一下吧!",
    recordIP: true,
  });
  const infoEle = document.querySelector("#vcomments .info");
  if (infoEle && infoEle.childNodes && infoEle.childNodes.length > 0) {
    infoEle.childNodes.forEach(function (item) {
      item.parentNode.removeChild(item);
    });
  }
</script>
<style>
  #vcomments-box {
    padding: 5px 30px;
  }

  @media screen and (max-width: 800px) {
    #vcomments-box {
      padding: 5px 0px;
    }
  }

  #vcomments-box #vcomments {
    background-color: #fff;
  }

  .v .vlist .vcard .vh {
    padding-right: 20px;
  }

  .v .vlist .vcard {
    padding-left: 10px;
  }
</style>

 
   
     
</article>

</section>
      <footer class="footer">
  <div class="outer">
    <ul>
      <li>
        Copyrights &copy;
        2021
        <i class="ri-heart-fill heart_icon"></i> Johnny Li
      </li>
    </ul>
    <ul>
      <li>
        
      </li>
    </ul>
    <ul>
      <li>
        
        
        <span>
  <span><i class="ri-user-3-fill"></i>访问人数:<span id="busuanzi_value_site_uv"></span></span>
  <span class="division">|</span>
  <span><i class="ri-eye-fill"></i>浏览次数:<span id="busuanzi_value_page_pv"></span></span>
</span>
        
      </li>
    </ul>
    <ul>
      
    </ul>
    <ul>
      
    </ul>
    <ul>
      <li>
        <!-- cnzz统计 -->
        
        <script type="text/javascript" src='https://s9.cnzz.com/z_stat.php?id=1280251923&amp;web_id=1280251923'></script>
        
      </li>
    </ul>
  </div>
</footer>    
    </main>
    <div class="float_btns">
      <div class="totop" id="totop">
  <i class="ri-arrow-up-line"></i>
</div>

<div class="todark" id="todark">
  <i class="ri-moon-line"></i>
</div>

    </div>
    <aside class="sidebar on">
      <button class="navbar-toggle"></button>
<nav class="navbar">
  
  <div class="logo">
    <a href="/"><img src="/images/ayer-side.svg" alt="恰得福来的博客"></a>
  </div>
  
  <ul class="nav nav-main">
    
    <li class="nav-item">
      <a class="nav-item-link" href="/">主页</a>
    </li>
    
    <li class="nav-item">
      <a class="nav-item-link" href="/archives">归档</a>
    </li>
    
    <li class="nav-item">
      <a class="nav-item-link" href="/categories">分类</a>
    </li>
    
    <li class="nav-item">
      <a class="nav-item-link" href="/tags">标签</a>
    </li>
    
    <li class="nav-item">
      <a class="nav-item-link" href="/friends">友链</a>
    </li>
    
    <li class="nav-item">
      <a class="nav-item-link" href="https://johnny1952.github.io/gitbook-tutorial">gitbook</a>
    </li>
    
  </ul>
</nav>
<nav class="navbar navbar-bottom">
  <ul class="nav">
    <li class="nav-item">
      
      <a class="nav-item-link nav-item-search"  title="搜索">
        <i class="ri-search-line"></i>
      </a>
      
      
      <a class="nav-item-link" target="_blank" href="/atom.xml" title="RSS Feed">
        <i class="ri-rss-line"></i>
      </a>
      
    </li>
  </ul>
</nav>
<div class="search-form-wrap">
  <div class="local-search local-search-plugin">
  <input type="search" id="local-search-input" class="local-search-input" placeholder="Search...">
  <div id="local-search-result" class="local-search-result"></div>
</div>
</div>
    </aside>
    <div id="mask"></div>

<!-- #reward -->
<div id="reward">
  <span class="close"><i class="ri-close-line"></i></span>
  <p class="reward-p"><i class="ri-cup-line"></i>请我喝杯咖啡吧~</p>
  <div class="reward-box">
    
    <div class="reward-item">
      <img class="reward-img" src="https://cdn.jsdelivr.net/gh/Shen-Yu/cdn/img/alipay.jpg">
      <span class="reward-type">支付宝</span>
    </div>
    
    
    <div class="reward-item">
      <img class="reward-img" src="https://cdn.jsdelivr.net/gh/Shen-Yu/cdn/img/wechat.jpg">
      <span class="reward-type">微信</span>
    </div>
    
  </div>
</div>
    
<script src="/js/jquery-3.6.0.min.js"></script>
 
<script src="/js/lazyload.min.js"></script>

<!-- Tocbot -->
 
<script src="/js/tocbot.min.js"></script>

<script>
  tocbot.init({
    tocSelector: ".tocbot",
    contentSelector: ".article-entry",
    headingSelector: "h1, h2, h3, h4, h5, h6",
    hasInnerContainers: true,
    scrollSmooth: true,
    scrollContainer: "main",
    positionFixedSelector: ".tocbot",
    positionFixedClass: "is-position-fixed",
    fixedSidebarOffset: "auto",
  });
</script>

<script src="https://cdn.jsdelivr.net/npm/jquery-modal@0.9.2/jquery.modal.min.js"></script>
<link
  rel="stylesheet"
  href="https://cdn.jsdelivr.net/npm/jquery-modal@0.9.2/jquery.modal.min.css"
/>
<script src="https://cdn.jsdelivr.net/npm/justifiedGallery@3.7.0/dist/js/jquery.justifiedGallery.min.js"></script>

<script src="/dist/main.js"></script>

<!-- ImageViewer -->
 <!-- Root element of PhotoSwipe. Must have class pswp. -->
<div class="pswp" tabindex="-1" role="dialog" aria-hidden="true">

    <!-- Background of PhotoSwipe. 
         It's a separate element as animating opacity is faster than rgba(). -->
    <div class="pswp__bg"></div>

    <!-- Slides wrapper with overflow:hidden. -->
    <div class="pswp__scroll-wrap">

        <!-- Container that holds slides. 
            PhotoSwipe keeps only 3 of them in the DOM to save memory.
            Don't modify these 3 pswp__item elements, data is added later on. -->
        <div class="pswp__container">
            <div class="pswp__item"></div>
            <div class="pswp__item"></div>
            <div class="pswp__item"></div>
        </div>

        <!-- Default (PhotoSwipeUI_Default) interface on top of sliding area. Can be changed. -->
        <div class="pswp__ui pswp__ui--hidden">

            <div class="pswp__top-bar">

                <!--  Controls are self-explanatory. Order can be changed. -->

                <div class="pswp__counter"></div>

                <button class="pswp__button pswp__button--close" title="Close (Esc)"></button>

                <button class="pswp__button pswp__button--share" style="display:none" title="Share"></button>

                <button class="pswp__button pswp__button--fs" title="Toggle fullscreen"></button>

                <button class="pswp__button pswp__button--zoom" title="Zoom in/out"></button>

                <!-- Preloader demo http://codepen.io/dimsemenov/pen/yyBWoR -->
                <!-- element will get class pswp__preloader--active when preloader is running -->
                <div class="pswp__preloader">
                    <div class="pswp__preloader__icn">
                        <div class="pswp__preloader__cut">
                            <div class="pswp__preloader__donut"></div>
                        </div>
                    </div>
                </div>
            </div>

            <div class="pswp__share-modal pswp__share-modal--hidden pswp__single-tap">
                <div class="pswp__share-tooltip"></div>
            </div>

            <button class="pswp__button pswp__button--arrow--left" title="Previous (arrow left)">
            </button>

            <button class="pswp__button pswp__button--arrow--right" title="Next (arrow right)">
            </button>

            <div class="pswp__caption">
                <div class="pswp__caption__center"></div>
            </div>

        </div>

    </div>

</div>

<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/photoswipe@4.1.3/dist/photoswipe.min.css">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/photoswipe@4.1.3/dist/default-skin/default-skin.min.css">
<script src="https://cdn.jsdelivr.net/npm/photoswipe@4.1.3/dist/photoswipe.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/photoswipe@4.1.3/dist/photoswipe-ui-default.min.js"></script>

<script>
    function viewer_init() {
        let pswpElement = document.querySelectorAll('.pswp')[0];
        let $imgArr = document.querySelectorAll(('.article-entry img:not(.reward-img)'))

        $imgArr.forEach(($em, i) => {
            $em.onclick = () => {
                // slider展开状态
                // todo: 这样不好，后面改成状态
                if (document.querySelector('.left-col.show')) return
                let items = []
                $imgArr.forEach(($em2, i2) => {
                    let img = $em2.getAttribute('data-idx', i2)
                    let src = $em2.getAttribute('data-target') || $em2.getAttribute('src')
                    let title = $em2.getAttribute('alt')
                    // 获得原图尺寸
                    const image = new Image()
                    image.src = src
                    items.push({
                        src: src,
                        w: image.width || $em2.width,
                        h: image.height || $em2.height,
                        title: title
                    })
                })
                var gallery = new PhotoSwipe(pswpElement, PhotoSwipeUI_Default, items, {
                    index: parseInt(i)
                });
                gallery.init()
            }
        })
    }
    viewer_init()
</script> 
<!-- MathJax -->

<!-- Katex -->

<!-- busuanzi  -->
 
<script src="/js/busuanzi-2.3.pure.min.js"></script>
 
<!-- ClickLove -->

<!-- ClickBoom1 -->

<!-- ClickBoom2 -->

<!-- CodeCopy -->
 
<link rel="stylesheet" href="/css/clipboard.css">
 <script src="https://cdn.jsdelivr.net/npm/clipboard@2/dist/clipboard.min.js"></script>
<script>
  function wait(callback, seconds) {
    var timelag = null;
    timelag = window.setTimeout(callback, seconds);
  }
  !function (e, t, a) {
    var initCopyCode = function(){
      var copyHtml = '';
      copyHtml += '<button class="btn-copy" data-clipboard-snippet="">';
      copyHtml += '<i class="ri-file-copy-2-line"></i><span>COPY</span>';
      copyHtml += '</button>';
      $(".highlight .code pre").before(copyHtml);
      $(".article pre code").before(copyHtml);
      var clipboard = new ClipboardJS('.btn-copy', {
        target: function(trigger) {
          return trigger.nextElementSibling;
        }
      });
      clipboard.on('success', function(e) {
        let $btn = $(e.trigger);
        $btn.addClass('copied');
        let $icon = $($btn.find('i'));
        $icon.removeClass('ri-file-copy-2-line');
        $icon.addClass('ri-checkbox-circle-line');
        let $span = $($btn.find('span'));
        $span[0].innerText = 'COPIED';
        
        wait(function () { // 等待两秒钟后恢复
          $icon.removeClass('ri-checkbox-circle-line');
          $icon.addClass('ri-file-copy-2-line');
          $span[0].innerText = 'COPY';
        }, 2000);
      });
      clipboard.on('error', function(e) {
        e.clearSelection();
        let $btn = $(e.trigger);
        $btn.addClass('copy-failed');
        let $icon = $($btn.find('i'));
        $icon.removeClass('ri-file-copy-2-line');
        $icon.addClass('ri-time-line');
        let $span = $($btn.find('span'));
        $span[0].innerText = 'COPY FAILED';
        
        wait(function () { // 等待两秒钟后恢复
          $icon.removeClass('ri-time-line');
          $icon.addClass('ri-file-copy-2-line');
          $span[0].innerText = 'COPY';
        }, 2000);
      });
    }
    initCopyCode();
  }(window, document);
</script>
 
<!-- CanvasBackground -->

<script>
  if (window.mermaid) {
    mermaid.initialize({ theme: "forest" });
  }
</script>


    
    

  </div>
</body>

</html>